NetIQ eDirectory 9.2 SP1 Release Notes

February 2020

NetIQ eDirectory 9.2 SP1 resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the eDirectory Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.

For a full list of all issues resolved in NetIQ eDirectory 9.x, including all patches and service packs, refer to TID 7016794, “History of Issues Resolved in NetIQ eDirectory 9.x”.

For more information about this release and for the latest release notes, see the Documentation Web site. To download this product, see the Product Upgrade Web site.

IMPORTANT:If you are currently on Identity Manager 4.8, you must upgrade Identity Applications to version 4.8.0 HF1 before upgrading eDirectory to 9.2 SP1.

1.0 What’s New?

eDirectory 9.2 SP1 provides the following fixes in this release:

1.1 Updates for Dependent Components

In this release, the supported OpenSSL version is 1.0.2t.

1.2 Operating System Support

In addition to the platforms introduced in previous releases of eDirectory, this release adds support for the following operating system:

  • SUSE Linux Enterprise Server (SLES) 12 SP5

  • Red Hat Linux Enterprise (RHEL) 8.1

1.3 Fixed Issues

eDirectory 9.2 SP1 includes the following software fixes that resolve several previous issues:

eDirectory CEF Events Are Not Parsed by the eDirectory Collector

Issue: eDirectory CEF events are not parsed by the eDirectory Collector due to format mismatch in the Syslog server. (Bug 1147056)

eDirectory Fails to Load the CEFAudit Module Automatically on Restart

Issue: eDirectory fails to load the CEFAudit module automatically after restarting the server. (Bug 1138656)

eDirectory Displays -659 Error Code While Performing LDAP Operations

Issue: While performing LDAP bind operation for the same user across multiple servers at the same time, the operation might be successful in one server and the synchronization happens to the next replica server immediately. But due to the mismatch in time stamp for the operation in different servers, login might fail displaying -659 error code. (Bug 1155649)

Fix: To fix this issue, set NDSD_CC_SKULK_DELAY environment variable to 5 or greater value. For more information, see Synchronization Method in the eDirectory Administration Guide. If you still get the same error, set NDSD_CC_SKULK_DELAY to 5 or greater along with the newly introduced environment variable NDSD_RETRY_MODIFY to true. For more information, see eDirectory Displays -659 Error Code While Performing LDAP Operations in the Troubleshooting Section of the Administration Guide.

NOTE:eDirectory server should be stopped before setting the NDSD_RETRY_MODIFY environment variable. Restart the eDirectory server once the environment variable is set.

Performing Simultaneous Write Operations on eDirectory Objects Fail

Issue: Performing simultaneous write operations on eDirectory objects fail when performed on multiple replicas. (Bug 1153495)

Limits Imposed by Systemd on the Number of eDirectory Threads Is Not Removed While Upgrading

Issue: Limits imposed by Systemd on the number of eDirectory threads is not removed while upgrading the eDirectory server. (Bug 1157025)

eDirectory Fails to Dereference Some Aliases in case of Large Search Results

Issue: eDirectory fails to dereference some aliases in case of large search results. (Bug 1157731)

NDSCONS is Unable to Load dsrepair.dlm and dstrace.dlm in non-English locale

Issue: NDSCONS is unable to load dsrepair.dlm and dstrace.dlm in non-English locale. (Bug 1107101)

eDirectory Memory Leak Is Observed While Performing LDAP Searches

Issue: eDirectory memory leak is observed while performing LDAP searches with malformed LDAP requests. (Bug 1160370)

1.4 Supported Upgrade Paths

To upgrade to eDirectory 9.2 SP1, you need to be on eDirectory 8.8.8.x or above. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.

2.0 System Requirements

For information about prerequisites, hardware requirements, and supported operating systems, see the NetIQ eDirectory Installation Guide.

3.0 Installing or Upgrading

To upgrade to eDirectory 9.2 SP1, you need to be on eDirectory 8.8.8.x or 9.0. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.

4.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

For the list of the known issues in eDirectory 9.1, refer to the Known Issues section in the respective release notes.

4.1 eDirectory Users Are Unable to Change Password when Tree Key Is of Type DES

Issue: eDirectory 9.2 encrypts/decrypts user passwords using OpenSSL in FIPS mode. Since DES is disallowed by FIPS 140-2, the operations fail if the tree key used for encryption/decryption is of type DES.

Workaround: You must disable the FIPS mode by specifying 0 for n4u.server.fips_tls in the nds.conf file.

5.0 Additional Documentation

5.1 iManager

For iManager information, refer to the iManager online documentation.

5.2 Novell International Cryptographic Infrastructure (NICI)

The NICI Administration Guide is included in the eDirectory documentation page.

5.3 eDirectory Issues on Open Enterprise Server (UNIX only)

For more information on eDirectory issues on Open Enterprise Server (OES), see OES Readme.

6.0 Legal Notices

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see

Copyright © 2020 NetIQ Corporation, a Micro Focus company. All Rights Reserved.